Control Over Non-Enterprise Connections in Public Client Endpoint

Feature: Control Over Non-Enterprise Connections in Public Client Endpoint

Description: We are requesting a feature that would allow more granular control over the public exposure of connection details in Auth0, particularly for non-enterprise connections. When the Home Realm Discovery (HRD) feature is turned off, domain details related to enterprise connections are hidden from the /client/client_id.js endpoint, but this does not extend to non-enterprise connections. This behavior leads to potential security concerns as configuration details are still accessible via publicly available endpoints.

Use-case: Our team is undergoing security evaluations and has identified the unnecessary exposure of configuration details through public endpoints as a potential issue. The ability to control the visibility of all connection details—regardless of their enterprise or non-enterprise status—would help enhance our security posture.

Thanks for the feedback @nadav-redeo - Don’t forget to upvote this yourself 🙂
